Spyware Survey Reveals Flawed Network Security Practices

MJ Flood Technology, a leading provider of communications solutions today released the results of a major spyware survey, which reveals flawed network security practices by some Irish companies. Almost one third of those questioned are leaving their networks exposed to profit-motivated attack by deploying anti-virus, firewalls or Internet filtering in the mistaken belief that these tools will block spyware. 70% of companies consider this rogue traffic a serious threat to business integrity, yet almost half are not scanning PCs with sufficient frequency and as little as one in three has actually committed IT budget to content management.

“There is a great deal of confusion about spyware and the level of threat it poses to the communications infrastructure,” according to James Finglas, sales director with MJ Flood Technology. “47% of organisations are scanning as little as once a month for the presence of spyware, indicating that a substantial number are not following best practice and are failing to deploy the type of solution required to block infection,” he says. “Spyware can have serious consequences for business including potential theft of financial assets, operational disruption, loss of market credibility and missed sales opportunities.”

Spyware or programming which is inadvertently downloaded by the user via spyware-embedded websites or freeware applications is growing in volume and sophistication. Spyware can range from relatively innocuous adware designed to capture web browsing habits to more sinister programmes which monitor a user’s keystrokes with the objective of stealing data such as banking details or credit card numbers. Some companies are paying between five and seven cents per infected computer and spyware authoring represents a multi-billion dollar industry.

“The true menace of spyware lies in its clandestine nature and the fact that its presence is not always immediately obvious to the user,” Finglas explains. “Traditional client security tools will not block spyware which can enter the PC via normal HTTP traffic and almost one third of surveyed companies believe they are protected when in fact they are not. 32% of respondents tell us that their outsourced IT service provider has never raised the issue of spyware with them and we believe that this represents a serious educational deficit which needs to be immediately addressed by the IT community,” he adds.

40% of respondents indicate use of a desktop-based anti-spyware tool, which generally requires user intervention for full protection. Technical staff at MJ Flood Technology advocate a server-based approach, which can be centrally controlled and managed by “pushing” regular updates out to each individual client and providing universal prevention. “Deploying anti-spyware is only part of the solution,” according to Finglas. “We work with companies to develop a holistic approach to network security including development and enforcement of a practical Internet usage policy, which encourages behaviour to minimise risk,” he says.

The motivation to conduct spyware-specific research was driven by a huge surge in the number of spyware-related calls to the MJ Flood Technology helpdesk, reflecting survey results. 51% of respondents indicate that spyware manifests itself in degradation in user performance. Sluggish Internet connections, frequent PC crashes, slower system performance and unusual web browser behaviour are just some of the issues which can lead to greatly increased IT administration overheads and reduced employee productivity.

The survey was conducted on-line during the month of December 2005 and was completed by 98 named IT contacts from a total of 800 organisations of varying sizes.